From 2bb426229615768d5cbffde4315f54832f0931bc Mon Sep 17 00:00:00 2001
From: Jonathan Braswell <10187286+jbraswell@users.noreply.github.com>
Date: Sat, 15 Dec 2018 04:48:15 -0800
Subject: [PATCH] Inspect HTTP_X_FORWARDED_PORT, removing need for
 do_not_force_port

---
 main_server/semantic/index.php                | 19 ++++++++++++++-----
 .../classes/comdef_utilityclasses.inc.php     | 19 ++++++++++++++-----
 2 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/main_server/semantic/index.php b/main_server/semantic/index.php
index a4b42909b..04a96a1d5 100644
--- a/main_server/semantic/index.php
+++ b/main_server/semantic/index.php
@@ -31,11 +31,20 @@
     require_once(dirname(dirname(__FILE__)).'/server/config/get-config.php');
     global $g_do_not_force_port;
 
-    $port = intval($_SERVER['SERVER_PORT']);
-
-    $forwarded_https = array_key_exists("HTTP_X_FORWARDED_PROTO", $_SERVER) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == "https";
-    // IIS puts "off" in the HTTPS field, so we need to test for that.
-    $https = ($forwarded_https || (!empty($_SERVER['HTTPS']) && (($_SERVER['HTTPS'] !== 'off') || ($port == 443)))) ? true : false;
+    $from_proxy = array_key_exists("HTTP_X_FORWARDED_PROTO", $_SERVER);
+    if ($from_proxy) {
+        $https = $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
+        if (array_key_exists("HTTP_X_FORWARDED_PORT", $_SERVER)) {
+            $port = intval($_SERVER['HTTP_X_FORWARDED_PORT']);
+        } elseif ($https) {
+            $port = 443;
+        } else {
+            $port = 80;
+        }
+    } else {
+        $port = intval($_SERVER['SERVER_PORT']);
+        $https = !empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] !== 'off' || $port == 443) ? true : false;
+    }
 
     $url_path = $_SERVER['SERVER_NAME'];
     $file_path = str_replace('\\', '/', dirname(dirname(dirname(dirname(dirname(__FILE__))))));
diff --git a/main_server/server/shared/classes/comdef_utilityclasses.inc.php b/main_server/server/shared/classes/comdef_utilityclasses.inc.php
index 733124984..3702ff0da 100755
--- a/main_server/server/shared/classes/comdef_utilityclasses.inc.php
+++ b/main_server/server/shared/classes/comdef_utilityclasses.inc.php
@@ -22,11 +22,20 @@ function GetURLToMainServerDirectory(
 ) {
     global $g_do_not_force_port;
 
-    $port = intval($_SERVER['SERVER_PORT']);
-
-    $forwarded_https = array_key_exists("HTTP_X_FORWARDED_PROTO", $_SERVER) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == "https";
-    // IIS puts "off" in the HTTPS field, so we need to test for that.
-    $https = $inAllowHTTPS && ($forwarded_https || (!empty($_SERVER['HTTPS']) && (($_SERVER['HTTPS'] !== 'off') || ($port == 443)))) ? true : false;
+    $from_proxy = array_key_exists("HTTP_X_FORWARDED_PROTO", $_SERVER);
+    if ($from_proxy) {
+        $https = $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
+        if (array_key_exists("HTTP_X_FORWARDED_PORT", $_SERVER)) {
+            $port = intval($_SERVER['HTTP_X_FORWARDED_PORT']);
+        } elseif ($https) {
+            $port = 443;
+        } else {
+            $port = 80;
+        }
+    } else {
+        $port = intval($_SERVER['SERVER_PORT']);
+        $https = $inAllowHTTPS && (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] !== 'off' || $port == 443)) ? true : false;
+    }
 
     $url_path = $_SERVER['SERVER_NAME'];
     $file_path = str_replace('\\', '/', dirname(dirname(dirname(dirname(dirname(__FILE__))))));